Epsilon Red / Bug in Microsoft PatchGuard / Necro Python bot

Welcome to the Xopero Security Center! What technological news has captured the imagination of IT specialists and geeks around the world? There were quite a few of them, but we have selected four (plus 10 extra) most interesting. Today’s release opens the new strain of Barebones ransomware called Epsilon Red. Marvel’s comic book fans will probably be familiar with this name. What makes this “villain” different from other threats? Namely, the fact that it is basing the attack chain on PowerShell scripts. Another topic concerns vulnerabilities in Microsoft PatchGuard. The newly detected bug allows attackers to load malicious code directly into the Windows kernel. We also describe the changes that took place inside the Necro Python bot. The latest update brings a number of fresh features as well as exploits for 10 applications – including VMware. The last article is about malicious ads visible on the Google network that can be delivered to your computers by the info stealer.

Enough small talk it’s time to check the whole post.

Read more

New critical security bug in VMware vCenter allows a full takeover

Last week turned out to be extremely unfavorable for Apple. First, the world heard about a new 0-day vulnerability that allows attackers to secretly perform print screens. Yes, let’s forget about any privacy… And then just a few days later, news about M1RACLES has come to our attention too. What is all the hype about? The bug is a result of a flaw in the M1 design. And what is even worse… That information you will find below. In this issue, we also describe a new variant of the Rowhammer attack. Half-Double – this is the name it got – allows bypassing all current defenses. However, today’s Security Center opens the news about a new critical bug detected in VMware vCenter. Given the scale of the threat (9.8/10 CVSS!), exploiting the vulnerability is trivial. Hence the pressure from security experts and the vendor itself to urgently update vulnerable systems.

Read more

MountLocker ransomware / Four 0-day in Android / Scheme flooding / Mercedes-Benz with bugs

Welcome to the newest episode of the Xopero Security Center. What have we got in store this week? First, MountLocker ransomware has been enhanced with a new “skill”. The threat is now able to use Active Directory to efficiently search company networks and infect devices connected to it. We also describe the four most recent 0-day security vulnerabilities found in Android. We also introduce you to the new attack called scheme flooding. This is a very neat method of user profiling based on the applications installed on the device. Today’s release ends with the news about Mercedes. Researchers identified five vulnerabilities in the latest infotainment system in Mercedes-Benz cars. Are you curious and ready for more? Great, then let’s enjoy your ride… eh reading.

Read more

Retention policies in Office 365 vs. full control over retention in Xopero ONE

What is data retention and why is it important for your company to know retention policies in Office 365? Data retention is a set of policies about which data should be stored and for how long. Probably every company has its own rules here and if not – it should. There is also a chance that your company needs to comply with some legal requirements regarding storing the files and formal documentation. 

Read more

21Nails flaws in Exim servers / Dell with 12 years old security problem / Qualcomm

In today’s Security Center, we revolve around big numbers. We will start with… Dell. The popular computer vendor has a serious problem. Due to a bug that is over 12 years old, millions of users are vulnerable to attack. 2nd: nearly 30% of all mobile phones can become the “entry point” for a more complex attack. The culprit? The Qualcomm’s Mobile Station Modem. 3rd: 21 serious vulnerabilities were detected in Exim mail servers. They are a kind of package, so they also got a collective name – 21Nails. Are they really the proverbial final nails in the coffin? Check for yourself. In this issue, we also describe the apps – downloaded more than 100 million times – with the hard-coded Amazon Web Services private keys. At this point, we can only say that the risk of cyber attacks is really high. Hungry for knowledge? Then please, go ahead and read the rest.

Read more

Look out America! FluBot, the newest SMS phishing scam is coming for you next

Many SMS scams are mostly focused on phishing and trying to trick the user into filling in a form with valuable credentials, FluBot differs from these threats and goes one step ahead. This new banking malware – described in today’s Security Center issue – tries to install malicious software on the phone itself and then uses the device to spread into the user’s contact network. And even if the success rate of this campaign will be low, with the number of SMS being sent out, it will be very profitable for threat actors. Who is behind this most ‘successful’ smishing campaign? How dangerous the FluBot really is? Check the blog post below – and don’t click on any suspicious link or download applications from unreliable sources.

Read more

Microsoft Exchange backup with Xopero ONE – why backup Office 365 emails

Whether you already use Microsoft Exchange Online, or still considering it, there is one thing you need to be prepared for – to backup office 365 emails. You might think that Microsoft protection is enough for your needs, but the fact is that in case of disaster on the client-side Microsoft takes no responsibility for the data you store. That also applies to all your emails which as the main communication channel in your company includes confidential information, documents and your business secrets. In this article, we will take a look at why you should backup office 365 emails, and how to do it with Xopero Software.

Read more

New QNAP NAS flaws exploited in recent Qlocker ransomware attacks

When we were preparing this Security Center issue, none of us thought that the new campaign which targets QNAP NAS devices is going to escalate in a such way. In just five days, attackers using only the 7zip archive program remotely encrypted QNAP NAS devices – with Qlocker ransomware – from all over the world. How was it possible? Threat actors scanned for devices connected to the Internet and exploited them using the recently disclosed vulnerabilities. More information about these security bugs can be found below.

Read more